
Getting Started with the Fitbit APIs

Creating a Fitbit Developer Account

To use the Fitbit APIs, you need a Fitbit developer account. To create a developer account:

  1. Go to https://accounts.fitbit.com/signup to register for a fitbit.com account. The email address must be valid to complete the verification process. An existing fitbit.com account can be used.
  2. A verification email will be sent to the user requesting a response.
    Once the email address is verified, the user will be able to access https://dev.fitbit.com/apps to register new applications used to query the Web APIs.

To change the registered email address of the Fitbit developer account, please contact Fitbit Web API support for assistance.

TIP: For larger organizations, we recommend that the developer account email address be a distribution list. A distribution list makes ownership easier to manage as people move within the company.

Registering an Application

An application must be registered within the developer account prior to calling the Fitbit Web APIs for the first time. Each registered application is provided with a client ID and secret. These client credentials will need to be referenced by the application during user authorization.

Steps to register your application with Fitbit

  1. Go to https://dev.fitbit.com/apps
  2. In the upper right-hand corner, click the link "Register a new application"

or

  1. Go to https://dev.fitbit.com
  2. In the upper right-hand corner, click on Manage -> Register an App

Fill out the following fields:

Application Name (required): The name of your application.
Description (required): Describe what your application does.
Application Website (required): The URL that points to your application website or download page. This URL is presented to the user during consent.
Organization (required): The name of your company or organization.
Organization Website (required): Your company or organization website URL.
Terms of Service URL (required): The link to your Terms of Service document related to this application. It will be presented to the user during consent.
Privacy Policy URL (required): The link to your Privacy Policy document related to this application. It will be presented to the user during consent.
OAuth 2.0 Application Type (required): Supported: Server | Client | Personal. See Application Types.
Callback URL (required): A link sending the onboarding user back to your application. The URL must be absolute. See Redirect URL.
Default Access Type (required): Supported: Read-only | Read & Write. See Access Types.
Add a Subscriber (optional / recommended): This is required if you want to receive webhook / push notifications for updates to user data. Not required for registering an application. See Subscriptions.

NOTE: All URLs must use https.

Application Types

When registering your application, select the appropriate “OAuth 2.0 Application Type”. A description of the application types can be found at Application Types. See Authorization to determine the recommended OAuth 2.0 authorization flow that should be used for your application type.


Access Types

Applications operate in a read-only or read & write manner. This is an application-level setting and applies to all scopes. This is configured in the application settings at https://dev.fitbit.com/apps.

Only configure "Read & Write" access if you're sending data to Fitbit.

WARNING: Changing the access type settings will immediately invalidate all existing access tokens.

Registration Page Example

[Image: Completed application registration form]



Application Settings

All registered applications will appear under the developer’s account at https://dev.fitbit.com/apps. Selecting one of the applications will display a summary of the application settings (see image).

NOTE: Never put your client secret in distributed code, such as apps downloaded through an app store or client-side JavaScript. Also, never give your client secret to external people or post it on a public forum. Fitbit employees may ask for this information to troubleshoot problems. The information should be sent privately, and only the first 10 characters of your client secret will typically be requested to verify application ownership.
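
A pre-release check for the rule in the note above, as an added example that is not Fitbit's code: it scans a build directory for the client secret in raw, Base64 and HTTP Basic (client_id:client_secret) form. The credentials and bundle files are constructed placeholders, and all function names are hypothetical.

```python
import base64
import tempfile
from pathlib import Path


def secret_forms(client_id, client_secret):
    """Byte patterns under which the secret could end up in a shipped file."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode())
    return {
        "raw": client_secret.encode(),
        "base64": base64.b64encode(client_secret.encode()),
        "basic-auth": basic,  # id:secret as an HTTP Basic credential
    }


def scan_tree(root, client_id, client_secret):
    """Return sorted (relative path, form) pairs for files containing the secret."""
    forms = secret_forms(client_id, client_secret)
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        data = path.read_bytes()
        for name, needle in forms.items():
            if needle in data:
                hits.append((path.relative_to(root).as_posix(), name))
    return sorted(hits)


def build_sample_bundle(root, client_id, client_secret):
    """Write a constructed sample of a distributable bundle (not real Fitbit code)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    Path(root, "js").mkdir()
    Path(root, "js", "app.js").write_text(f'const auth = "Basic {basic}";\n')
    Path(root, "config.json").write_text(f'{{"secret": "{client_secret}"}}\n')
    Path(root, "index.html").write_text(f"<script>var id='{client_id}'</script>\n")


def demo():
    # Constructed placeholder credentials; a real run would read them from
    # the server-side secret store, never from the repository.
    cid, secret = "23EXMP", "0123456789abcdef0123456789abcdef"
    with tempfile.TemporaryDirectory() as root:
        build_sample_bundle(root, cid, secret)
        return scan_tree(root, cid, secret)


if __name__ == "__main__":
    for rel, form in demo():
        print(f"client secret ({form}) found in {rel}")
```

Any hit should fail the release build. The client ID alone (as in the sample index.html) is not flagged.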

Application Settings Example

[Image: Application Settings]